Okay, good. Yeah.
So, my name is Yevhen. I'm with the company Ekran System, and I hope this topic will be not so boring, because it's partially about NIS2, and all the regulations are usually boring. Where should I point?
Yeah, this way. So, NIS2, Network Information Security Regulation, which was introduced on January 16.
This year, it should be implemented by the European countries on October 17, 2024, which is not so critical for Germany, just because Germany has KRITIS, but for other countries, it probably might be very interesting. So, the main point of it is to protect your critical infrastructure, and not complying with this might lead you to fines, like 10 million or 20 million in some cases.
So, I'm with the company, with the vendor here, which introduces the insider threat, insider risk management solution, and we are trying to evaluate how insider threat management practices can help to comply with NIS2 requirements. Okay.
So, insider risk management or insider threat management are always related to the insiders, and insiders are people. Basically, it's all about people. The security threats are about people, but especially insiders. Insiders are people who have the privileged access to your sensitive information.
So, in general, it can be your own employee working with CRM, ERP, or whatever data. It can be the third party, and especially NIS2 says about the third party, vendors, subcontractors, fourth party, nth party.
So, all the people who can get access to your premises, to your sensitive information. And what this is all about is human resource. The people, they are human resource, and what we can do is to prioritize the human resource security and enforce effective access control policies. That's the main idea of insider threat management. In the first place, we need to ensure human resources security by detecting and investigating any unauthorized or suspicious activities carried out by the users.
So, in the classical privileged access management, it's a discovery. Privileged account discovery, sorry.
Then, control access to sensitive assets. So, controlling means privileged access management in a very classical way. And what we offer from our side, it's the capturing of the user's activity, of privileged user's activity, of what exactly these privileged users are doing within the perimeter with the sensitive information, what are they actually, I don't know, performing or it's user behavior analytics, yeah, also includes this. Zero trust security.
I know that a couple of years ago it was kind of a buzzword, but it's all about the access just in time, just to the place, just for the right person at the right time. So, once again, we are coming to identity and access management, privileged access management, least privilege, I know, whatever you call it, yeah, you just need to grant access to the right person at the right time and control this access.
So, the ITM, so insider threat management best practices for the zero trust security is what we think is displaying the warning message. So, it's all about human resources, teaching these human resources and by, for example, displaying the warning messages, oh, sorry, John Smith, you are an accountant, but you are currently performing the forbidden action at this point, please stop this. If it doesn't help, we can block the user anytime. Recording user sessions, it can be used for two purposes. One purpose of it is basically the reporting functionality.
Reporting, which will come later on our slides, reporting is a crucial part of NIS2 compliance. So, you need to report within 24 hours about the data breach, let's say, and recording user sessions, it's, on the other hand, we are talking about privileged user. I know that in Germany and in DACH region overall, it's a very tricky topic about the recording user activity, especially on users, on employees' activities.
In some other countries, it's less sensitive as here, but still, yeah, here we are talking about the recording user activities for the analysis, what has been done wrong, what has been done right. So, yeah, monitoring user actions during penetration testing.
Well, it's all the same about the monitoring, to be honest, yeah. Mitigate the unauthorised access of own employees, so insiders, or third parties by 2FA, two-factor identification.
Overall, the secure workflow and access request and approval. So, once again, this is still the topic of privileged access management, identity access management, gaining the privileged access to the sensitive information, and approval, like the whole workflow of the approval. And visibility into user behaviours. User behaviour analytics is one of the crucial parts of insider threat management.
So, most of these parts, like identity access management, privileged access management, DLP, data leakage prevention, user behaviour analytics, user activity monitoring. These are main parts of the insider threat management framework I know. Gartner has managed to create this term.
So, supply chain security. Since the main part of NIS2 and DORA as well, DORA comes alongside with this, it's supply chain.
So, your subcontractors, third-party vendors, fourth-party vendors, and so on, they need to be controlled. So, once again, two-factor identification, identity access management, privileged access management, and so on. And providing third-party vendors with one-time passwords is one of the steps which we think is very useful. Securing RDP connections to your environment to detect unauthorised data access. Detecting unauthorised access and preventing access misuse is one of the crucial parts. Verifying managing identities.
The managing identities of supply chain members is one of the important things here which we offer also in our approach. So, coming back to what exactly we should do in case of the data breach. NIS2 requires 24 hours for reporting a prompt notification about the issue. 72 hours about the initial assessment of the incident, what has happened.
So, first of all, if this happened, you have 24 hours to tell, sorry, our banking database was broken. After that, you have 72 hours to identify what exactly has happened, and one month to submit a final report within. If you don't comply with this, the fines are coming later, yes, you have fines, I think, 10 million, and in very severe cases, you have fines for about 20 million, or 4% of the revenue.
So, in our case, if you have the user activity monitoring tool, so tools that actually monitor, you have the visually structured evidence, additionally to all the other things, all the other tools which you have implemented, you have the visually structured evidence, all the checkable that you can provide as the evidence. In the US, they use it for the FBI reports, so everything works great.
Yeah, so, incident handling and reporting, yeah. Reporting, reporting the security incidents in real time. That's one of the key features, what we have. You see in the real time what is happening, you can block the user, you can, I know, kill the application, and so on.
Also, you have the audit trail and detailed reports, so logs, metadata, keystrokes, in case you might need it for your internal investigation or external things. And also, review detailed user session recordings, just to identify whose fault was this, what was it exactly, yeah.
Okay, real case. Unfortunately, under NDA, it's a European manufacturer. It has 10 production plants active within 100, I mean, selling their production within 100, more than 100 countries, and one of the key things was for them, okay, compliance with NIS2 came a bit later, but still they have covered it with us. Zero trust principles implementation. Supply chain security, because, of course, if you're in production, you have thousands and thousands of suppliers, and you need to control their access to your premises.
Comply with different regulations, like NIS23424, I think it's automotive cybersecurity compliance for automotive companies, and it's very precise, very specific, for example, for the server, which is a jump server for the inventory, if I'm not mistaken.
And, of course, tracking employees and third-party users' actions, which is also important when you have access to, for the external subcontractor, like, for example, managed service providers who are managing your internal systems, and you need to understand what is actually happening on the server when they manage this, when they maintain this. Okay.
So, one of the challenges was to get a granular control over access permissions, and auditing privileged sessions. This is all about the user activity monitoring. As a result, we have the human resource security. The second challenge was to manage user privileges with the help of lightweight privileged access management.
Sometimes, you don't need something like CyberArk, which dives deeper into your system, which is heavy to implement, heavy to maintain. Sometimes, they need a lightweight solution, which, actually, Ekran can offer in this case. As a result, you have the zero-trust security, supply chain security, and incident handling and reporting in this case.
Yes, here comes the slide with the non-compliance. So, minimum 2 per cent of your revenue. In severe cases, you have 20 million fines of non-compliance. I know if you don't report within one month, might you have this fine or not, but still, why should you pay? It's all about money.
Yes, here is the slide about our system and what, actually, we cover within ITM. Yes, so, managing privileged access management.
Yes, very lightweight, classical privileged access management solution. Detect and disrupt insider threat. On top of this, we have the incident response functionality which is based on the predefined rules and user behaviour analytics which can block the user, kill the application, kill the session, and notify the system administrator, notifying the user as well.
Yes, one of the financial sides is avoiding fines and lawsuits, which is very useful when you have 20 million fines. Securing control and access to sensitive information, of course, is one of the most important parts if you're working in a production environment with third-party contractors which can just steal the data in most cases, like, I don't remember, 46 per cent of the data breaches, they might come from the subcontractors' data leakage.
Promptly respond to incidents, so you have the visually structured evidence, you have all the information on your screen, what has happened, whose fault was this, and get full visibility within track of users' actions, so that means that you have logs, you have the metadata, you have the screen capture, and, in this case, you just see what has happened. Yes, a few words about Ekran.
We are ten years on the market, started with lightweight privileged access management, now we are in this kind of insider threat management field, and active in four countries with headquarters in the United States, more than 2,500 customers, and 300 partners globally. Most of our verticals are BFSI, so banking, financial services, insurances, government, telecom, and so on and so forth. Some of the customers are mostly from the financial segment, but we can start small. We don't need 10,000 users to implement our solution, we can start with ten users. Thank you. Just in time.